MSN Translators - referer Formats - 65.55.177.205 - Crawler, Spider, and User Agent ID forum at WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

MSN Translators - referer Formats - 65.55.177.205

windowslivetranslator.com; translator.live.com; microsofttranslator.com

Pfui

5:30 pm on Oct 26, 2009 (gmt 0)

We've talked about the bot and exploit potentials of Google's translator. Just thought I'd mention a newly-seen variation from Live/Windows/MSN/Bing re an English to Italian translation:

FYI: 65.55.177.205 = windowslivetranslator.com

1.) Here's the first of two same-session referer formats (emphasis mine). The ASCII code is original to the referer:

http://65.55.177.205/BVSandbox.aspx?dl=it&mkt=it-IT&lp=en_it&a=http%3A%2F%2Fwww.example.com%2Ffilename.html

2.) The second referer format appeared on the server to which the above visitor was redirected:

http://65.55.177.205/BVFrame.aspx?s=tgt&from=en&to=it&a=http%3A%2F%2Fwww.example.com%2Ffilename.html

Only hits to the second server included both BVSandbox and BV Frame in the referers.

FWIW: A quick Google for "BVFrame" showed yet another translator-related MS Host, www.microsofttranslator.com (a.k.a. 96.17.8.10).

incrediBILL

5:38 am on Nov 2, 2009 (gmt 0)

Do you know if the MSN translators use a proxy and send the IP of the person generating the request?

Pfui

11:06 pm on Nov 2, 2009 (gmt 0)

I'm clueless, sorry.

caribguy

2:03 am on Nov 3, 2009 (gmt 0)

The image, CSS and javascript files are pulled by the browser that generates the request.

www.example.com 65.55.218.15 - - [02/Nov/2009:19:48:30 -0600] "GET /folder/file HTTP/1.1" 200 16177 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4"
www.example.com 127.0.0.1 - - [02/Nov/2009:19:48:33 -0600] "GET /stylesheet.css HTTP/1.1" 304 - "http://65.55.177.205/BVFrame.aspx?s=tgt&from=en&to=fr&a=http%3A%2F%2Fwww.example.com%2Ffolder%2Ffile" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4"
www.example.com 127.0.0.1 - - [02/Nov/2009:19:48:33 -0600] "GET /script.js HTTP/1.1" 304 - "http://65.55.177.205/BVFrame.aspx?s=tgt&from=en&to=fr&a=http%3A%2F%2Fwww.example.com%2Ffolder%2Ffile" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4"
www.example.com 65.55.215.168 - - [02/Nov/2009:19:48:30 -0600] "GET /folder/file HTTP/1.1" 200 16167 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4"

The 304 response could well be a misconfiguration on my part...

Here are some other headers, no proxy info:

environ
HTTP_ACCEPT'*/*'
CONNECTION_TYPE'Keep-Alive'
HTTP_USER_AGENT'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4'
HTTP_X_FORWARDED_SERVER'apache.example.com'
SERVER_NAME'0.0.0.0'
GATEWAY_INTERFACE'CGI/1.1'
HTTP_X_FORWARDED_FOR'65.55.218.39'
HTTP_ACCEPT_LANGUAGE'en-US'
REMOTE_ADDR'the.server.ip'
HTTP_X_FORWARDED_HOST'www.example.com'
SCRIPT_NAME''
REQUEST_METHOD'GET'
HTTP_HOST'the.server.ip:123456'
PATH_INFO'/Hosts/http/www.example.com:80/thanks-for-the-fish'
SERVER_PORT'123456'
SERVER_PROTOCOL'HTTP/1.1'
channel.creation_time1257213986
HTTP_ACCEPT_ENCODING'gzip, deflate'
SERVER_SOFTWARE'Zope/(Zope 5423.12-final, python 6.2.0, freebsd9) ZServer/3.5'
PATH_TRANSLATED'/Hosts/http/www.example.com:80/thanks-for-the-fish'

caribguy

3:58 am on Nov 3, 2009 (gmt 0)

Nevermind my clueless comment on the 304 status code - misread it as 204. Must have been drinking too much coffee.